Regarding the 5% inflation, which can look like a lot to some people, it's worth pointing out two important things:

Only 20% of those tokens actually go to the block producers, the remaining tokens get sent into a savings fund, which is still untouched and was originally meant to be used via a DAO to subsidize development on the chain. So only 1% EOS inflation actually gets paid to block producers overall.

There was an on-chain referendum where the big majority agreed to reduce yearly inflation from 5% down to 1%, meaning only the block producers will get paid and the original other 4% will no longer go into that savings fund. When that change goes live it looks like the fund that accumulated all these tokens over the months will get burned.

So all that to say, inflation payment to block producers is significantly less, the token distribution won’t spiral out of control that quickly.

About the Keys & Accounts section… I understand the concept and meaning of Active and Owner keys. But what if I have a hardware wallet like Ledger Nano? Do those Active/Owner keys still matter, given that the private keys are not accessible? I mean that in this case you can have the same private/public keys for both Active/Owner and it's still safe?

…But of course you need to know every transaction and smart contract that you are executing, because there is a chance that a corrupted contract changes your owner key?

Even with a hardware wallet it is still recommended to have separate keys for the owner and active permissions.

You could have the first EOS key from Ledger as your owner permission and the second key as your active permission. In your wallet (e.g. Scatter) you only ever import the active key, keep the owner key offline.

Then if a malicious contract tries to make you sign a transaction to change the keys on your account there is no way you accidentally ever overwrite your owner permission because your wallet just has access to the active permission and thus is only allowed to overwrite the active permission, and not owner.

So once you notice your mistake (e.g. your EOS tokens get unstaked and you get an email notification, which various services let you set up), then you can import your owner key into your wallet and use it to overwrite the active permission again to a brand new key, thus locking the scammers out.
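
The rule described in the answer above, as a small added model (not code from the thread, from Scatter or from EOSIO itself). It assumes a permission change must be authorized by the permission being changed or by one of its parents; the key strings, the `alice` account and all function names are constructed for illustration.

```javascript
// Simplified model of the owner/active permission check (added example).
// Key strings are constructed placeholders, not real EOS public keys.
const OWNER_KEY = "PUB_OWNER_PLACEHOLDER";
const ACTIVE_KEY = "PUB_ACTIVE_PLACEHOLDER";

function makeAccount(ownerKey, activeKey) {
  return { name: "alice", permissions: {
    owner: { parent: "", key: ownerKey },
    active: { parent: "owner", key: activeKey },
  } };
}

// True if `signer` is `target` itself or one of its ancestors.
function satisfies(acct, signer, target) {
  for (let p = target; p; p = acct.permissions[p]?.parent) {
    if (p === signer) return true;
  }
  return false;
}

// For each updateauth action, report which permission it would overwrite and
// whether the keys held in this wallet could authorize that change.
function reviewTransaction(acct, walletKeys, tx) {
  const held = Object.keys(acct.permissions)
    .filter((p) => walletKeys.includes(acct.permissions[p].key));
  const findings = [];
  for (const action of tx.actions) {
    if (action.account !== "eosio" || action.name !== "updateauth") continue;
    const target = action.data.permission;
    // A permission that does not exist yet is gated by its declared parent.
    const minPerm = acct.permissions[target] ? target : action.data.parent;
    const authorizable = action.authorization.some((a) =>
      a.actor === acct.name && held.includes(a.permission) &&
      satisfies(acct, a.permission, minPerm));
    findings.push({ target, authorizable });
  }
  return findings;
}

// Constructed sample transaction: change `target`, signed as alice@`signedAs`.
function updateAuth(target, signedAs) {
  return { actions: [{ account: "eosio", name: "updateauth",
    authorization: [{ actor: "alice", permission: signedAs }],
    data: { account: "alice", permission: target,
            parent: target === "owner" ? "" : "owner" } }] };
}

const split = makeAccount(OWNER_KEY, ACTIVE_KEY);
console.log(reviewTransaction(split, [ACTIVE_KEY], updateAuth("owner", "active")));
```

With separate keys and only the active key in the wallet, no request to overwrite `owner` is authorizable; with one key shared by both permissions, the same wallet can authorize it.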